systematic fuzzing and testing of tls
play

Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky 1 - PowerPoint PPT Presentation

Jan 10, 2024 •37 likes •467 views

Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky 1 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 1 Transport Layer Security The most important crypto protocol HTTP, SMTP,

  1. Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky 1 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 1

  2. Transport Layer Security • The most important crypto protocol • HTTP, SMTP, IMAP … Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 2 2

  3. TLS History Secure Sockets Layer (SSL), SSLv2 Wagner, Schneier: Analysis of 1995 SSLv3 SSLv3 Bleichenbacher’s attack Trasnsport Layer Security 2000 Padding oracle attack 2005 TLS 1.1 TLS 1.2 2010 BEAST, CRIME, BREACH, Lucky 13 TLS 1.3 2015 3 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 3

  4. Questions • How can we test these attacks? • Can we find such attacks automatically? Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 5 5

  5. Approach [SP2-17] 1. Collect TLS libraries 2. 3. Profit Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 6 6

  6. Approach [SP2-17] 1. Collect TLS libraries 2. 3. Profit Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 7 7

  7. Contributions • Flexible TLS framework • Fuzzing, testing, w riting attacks … • High impact vulnerability in OpenSSL • Additional vulnerabilities in Botan, MatrixSSL … • https://github.com/RUB-NDS/TLS-Attacker Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 8 8

  8. Overview 1. TLS Protocol 2. Attacks 3. Framework Prerequisites 4. TLS-Attacker Design 5. Fuzzing 6. Results 7. Conclusions Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 9 9

  9. TLS RSA Handshake ClientHello ServerHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec (Client-) Finished ChangeCipherSpec (Server-) Finished Application Application Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 10 10

  10. TLS is complex … • Different versions • Crypto primitives: RSA, EC, AES, 3DES, RC4, Chacha, Poly1305, New Hope • Extensions • Protocol flows Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 11 11

  11. TLS is complex … ClientHello ServerHello Certificate ServerKeyExchange Certificate ServerHelloDone ClientKeyExchange CertificateVerify ChangeCipherSpec (Client-) Finished ChangeCipherSpec (Server-) Finished Heartbeat Application Heartbeat Application Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 12 12

  12. Overview 1. TLS Protocol 2. Attacks 3. Framework Prerequisites 4. TLS-Attacker Design 5. Fuzzing 6. Results 7. Conclusions Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 13 13

  13. TLS History Secure Sockets Layer (SSL), SSLv2 Wagner, Schneier: Analysis of 1995 SSLv3 SSLv3 Bleichenbacher’s attack Trasnsport Layer Security 2000 Padding oracle attack 2005 TLS 1.1 TLS 1.2 2010 BEAST, CRIME, BREACH, Lucky 13 TLS 1.3 2015 14 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 14

  14. Early CCS ClientHello ServerHello Certificate ServerHelloDone ClientKeyExchange ChangeCipherSpec (Client-) Finished ChangeCipherSpec (Server-) Finished Server computes the master key based on a zero value Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 15 15

  15. Early CCS • Man-in-the-Middle attacks • Further state machine attacks in 2015: – Beurdouche et al.: FREAK – de Ruiter and Poll Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 16 16

  16. Heartbleed Server [TLS Handshake] Heartbeat 00 07 DeepSec Heartbeat 00 07 DeepSec 17 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 17

  17. Heartbleed Server [TLS Handshake] Heartbeat 10 00 DeepSec Heartbeat 10 00 DeepSec ………. … [rsa key] 18 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 18 ….

  18. Padding oracle attacks • Adaptive chosen-ciphertext attacks Ciphertext C = Enc(M) C 1 valid/invalid C 2 valid/invalid … (repeated several times) M = Dec(C) • AES-CBC: Vaudenay’s attack • RSA-PKCS#1: Bleichenbacher’s attack 20 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 20

  19. Overview 1. TLS Protocol 2. Attacks 3. Framework Prerequisites 4. TLS-Attacker Design 5. Fuzzing 6. Results 7. Conclusions Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 21 21

  20. Recent Attacks on TLS • Not only crypto attacks … • Attacks on TLS state machines – FREAK – Early CCS • Buffer overflows / overreads – Heartbleed – CVE-2016-6307 (High) -> CVE-2016-6309 (Critical) • Tool for flexible protocol executions needed 22 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 22

  21. Framework Prerequisites • Flexible protocol flow ClientHello definition ServerHello Certificate • Message modifications ServerHelloDone • Invalid behavior ClientKeyExchange ClientKeyExchange detection ChangeCipherSpec • Protocol flow (Client-) Finished ChangeCipherSpec reproduction (Server-) Finished Application Application Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 23

  22. Overview 1. TLS Protocol 2. Attacks 3. Framework Prerequisites 4. TLS-Attacker Design 5. Fuzzing 6. Results 7. Conclusions Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 24 24

  23. High-Level Overview Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 25 25

  24. Modifiable variables • Define basic data types (integer, byte, arrays) with modifications • Example: ModifiableInteger i = new ModifiableInteger(); i.setValue( 30 ); i.setModification(new AddModification( 20 )); System.out.println(i.getValue()); // 50 • Further modifications: xor , shuffle, delete, … Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 26 26

  25. Protocol messages • ClientHello ClientHelloMessage cipherSuites: ModifiableByteArray cipherSuiteLength: ModifiableInteger … getCipherSuites() getCipherSuiteLength() • Stored in a message list • Serializable in XML Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 27 27

  26. Defining a protocol flow <protocolMessages> <ClientHello> <supportedCipherSuites> <CipherSuite>TLS_RSA_WITH_AES_128_CBC_SHA</CipherSuite> </supportedCipherSuites> </ClientHello> <ServerHello/> <Certificate/> <ServerHelloDone/> <RSAClientKeyExchange/> <RSAClientKeyExchange/> <ChangeCipherSpec/> <Finished/> <ChangeCipherSpec/> <Finished/> <Application/> </protocolMessages> 29 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 29

  27. Defining a protocol flow <protocolMessages> <ClientHello> <supportedCipherSuites> <CipherSuite>TLS_RSA_WITH_AES_128_CBC_SHA</CipherSuite> </supportedCipherSuites> </ClientHello> <ServerHello/> <Certificate/> <ServerHelloDone/> <RSAClientKeyExchange/> <ChangeCipherSpec/> <Heartbeat> <Finished/> <payloadLength> <ChangeCipherSpec/> <integerAddModification> <Finished/> 20000 <Heartbeat/> </integerAddModification> </protocolMessages> </payloadLength> </Heartbeat> 30 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 30

  28. Overview 1. TLS Protocol 2. Attacks 3. Framework Prerequisites 4. TLS-Attacker Design 5. Fuzzing 6. Results 7. Conclusions Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 32 32

  29. Vulnerability detection • How do we detect invalid server behavior? 1. Different TLS alerts – Useful by padding oracle attacks 2. Address Sanitizer (ASan) – Detects memory errors at runtime – Available in recent compilers, e.g. GCC • Vulnerability found -> protocol stored in XML Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 33 33

  30. Two-stage concept • Currently only server evaluation 1. Crypto – Padding oracles, Bleichenbacher attack, invalid curve attacks, POODLE … 2. Fuzzing for boundary violations – 3 phases Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 34 34

  31. Fuzzing for boundary violations ClientHelloMessage 1. Variable filtering cipherSuites – Not all variables suitable cipherSuiteLength clientRandom extensions extensionLength …. 2. Fuzzing with filtered variables – Random modifications (add, delete, xor) – Boundary values (-128, -1, 0, 32768, …) 3. Fuzzing with modified protocol flows Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 35 35

Recommend

Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me

Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me

Fuzzing Kamailio Security testing the Kamailio SIP server with fuzzing Agenda About me Motivation Introduction of fuzzing and afl fuzzer Necessary changes to the core and configuration Testing setup Example SIP messages and

1.03k views • 35 slides
Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is

Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is

Fuzzing for CyberSecurity Abe Cohen 2019-11-13 Fuzzing for CyberSecurity What is fuzzing/fuzz testing? Why AFL? How does it work with GNAT Pro/Ada? Premise: Fuzz Testing Definition: Stable Software Software that is highly

649 views • 16 slides
Security Testing fuzzing protocol fuzzing m odel-based testing autom ated reverse engineering

Security Testing fuzzing protocol fuzzing m odel-based testing autom ated reverse engineering

Security Testing fuzzing protocol fuzzing m odel-based testing autom ated reverse engineering autom ated reverse engineering Erik Poll Erik Poll Radboud University Nijmegen Testing Ingredients T ti I di t Two things are needed to test

865 views • 53 slides
Systematic Analysis of testing-related Systematic Analysis of testing-related publications

Systematic Analysis of testing-related Systematic Analysis of testing-related publications

Systematic Analysis of testing-related Systematic Analysis of testing-related publications concerning reprocucibility publications concerning reprocucibility and comparability and comparability Bachelor's Thesis Defense by Artur Solomonik

920 views • 59 slides
Fuzzing and how to evaluate it Michael Hicks The University of Maryland UM Joint work with

Fuzzing and how to evaluate it Michael Hicks The University of Maryland UM Joint work with

Fuzzing and how to evaluate it Michael Hicks The University of Maryland UM Joint work with George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei What is fuzzing? A kind of random testing Goal : make sure certain bad things dont happen,

1.25k views • 69 slides
Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing Jared

Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing Jared

Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing Jared DeMott Dr. Richard Enbody @msu.edu Dr. William Punch Black Hat 2007 www.vdalabs.com VDA Labs, LLC Agenda Goals and previous works (1)

683 views • 54 slides
What is fuzzing? A kind of random testing Goal : make sure certain bad things dont

What is fuzzing? A kind of random testing Goal : make sure certain bad things dont

What is fuzzing? A kind of random testing Goal : make sure certain bad things dont happen, no matter what ! Crashes, thrown exceptions, non-termination ! All of these things can be the foundation of security vulnerabilities

1.57k views • 14 slides
Specification-Based Testing 1 Stuart Anderson Stuart Anderson Specification-Based Testing 1

Specification-Based Testing 1 Stuart Anderson Stuart Anderson Specification-Based Testing 1

Specification-Based Testing 1 Stuart Anderson Stuart Anderson Specification-Based Testing 1 2011 c 1 Overview Basic terminology A view of faults through failure Systematic versus randomised testing A systematic approach to

492 views • 32 slides
Testing and Fuzzing Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security *

Testing and Fuzzing Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security *

Testing and Fuzzing Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * Some slides adapted from those by Trent Jaeger Our Goal Develop techniques to detect vulnerabilities automatically before they are exploited

1.17k views • 61 slides
CS412 Software Security Program Testing Fuzzing Mathias Payer EPFL, Spring 2019 Mathias

CS412 Software Security Program Testing Fuzzing Mathias Payer EPFL, Spring 2019 Mathias

CS412 Software Security Program Testing Fuzzing Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Why testing? Testing is the process of executing a program to find errors. An error is a deviation between observed

657 views • 39 slides
Detecting Concurrency Errors of Erlang Programs Using Systematic Testing Kostis Sagonas

Detecting Concurrency Errors of Erlang Programs Using Systematic Testing Kostis Sagonas

Detecting Concurrency Errors of Erlang Programs Using Systematic Testing Kostis Sagonas kostis@it.uu.se Outline Erlang Concurrency errors and their sources Systematic Concurrency Testing Concuerror &amp; Demo Techniques to

646 views • 20 slides
Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101 Agenda GEEKZONE Overview of fuzzing techniques Tutorials on specific open-source fuzzers Demonstrations DIY fuzzing! Who

825 views • 50 slides
2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid

2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid

From Blackbox Fuzzing to Whitebox Fuzzing towards Verification 2000 2010 2015 2005 Blackbox Fuzzing Verification Whitebox Fuzzing Patrice Godefroid Microsoft Research ISSTA2010 Page 1 July 2010 Acknowledgments Joint work with:

633 views • 38 slides
Learning objectives Understand rationale and basic approach for systematic combinatorial

Learning objectives Understand rationale and basic approach for systematic combinatorial

Learning objectives Understand rationale and basic approach for systematic combinatorial testing Learn how to apply some representative Combinatorial testing combinatorial approaches Category-partition testing Pairwise

558 views • 14 slides
Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico

Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico

Coverage-guided Fuzzing of Individual Functions Without Source Code Alessandro Di Federico Politecnico di Milano October 25, 2018 1 Index Coverage-guided fuzzing An overview of rev.ng Experimental results 2 Fuzzing 3 Fuzzing 1 Generate

1.36k views • 72 slides
Fuzzing the Solidity Compiler Bhargava Shastry @ibags Ethereum Foundation bshastry Fuzzcon

Fuzzing the Solidity Compiler Bhargava Shastry @ibags Ethereum Foundation bshastry Fuzzcon

Fuzzing the Solidity Compiler Bhargava Shastry @ibags Ethereum Foundation bshastry Fuzzcon Europe 2020 | Fuzzing the Solidity Compiler 2 whoami Security engineer, Solidity team Semantic testing of Solidity compiler Find

441 views • 28 slides
Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange

Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange

Wi-Fi Advanced Fuzzing Wi-Fi Advanced Fuzzing Laurent BUTTI France Tlcom / Orange Division R&amp;D firstname dot lastname at orange-ftgroup dot com research &amp; development Forewords Wi-Fi Fuzzing/BlackHat EU 2007/Laurent Butti p

1.05k views • 78 slides
Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing

Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing

Modern Fuzzing of Media-processing projects Max Moroz, FOSDEM 2017 Agenda Fuzzing what is fuzzing, why fuzz, fuzzing types How to fuzz fuzz target, fuzzing engine, libFuzzer Media processing as a target

551 views • 19 slides
Human Papillomavirus (HPV) testing in cervical screening: a systematic review and clinical

Human Papillomavirus (HPV) testing in cervical screening: a systematic review and clinical

Human Papillomavirus (HPV) testing in cervical screening: a systematic review and clinical practice guideline presented by: Erin Kennedy, PEBC Research Coordinator at: World Cancer Congress 2012 August 28, 2012 Background and Methods !

149 views • 3 slides
Challenges in testing Model Transformations Amr Al-Mallah 1 Outline Overview/Motivation

Challenges in testing Model Transformations Amr Al-Mallah 1 Outline Overview/Motivation

Challenges in testing Model Transformations Amr Al-Mallah 1 Outline Overview/Motivation Systematic Software Testing Systematic Software Testing of Model Transformations. Focus : Model differencing 2 Overview Validate models

726 views • 44 slides
T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1

T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1

T-Fuzz: Fuzzing by Program Transformation Hui Peng 1 , Yan Shoshitaishvili 2 , Mathias Payer 1 1 2 Fuzzing as a bug finding approach Fuzzing is highly effective in finding bugs (CVEs) Developers use it as proactive defense measure:

844 views • 32 slides
RoboStar Technology Systematic Software Testing for Robotics Robert M. Hierons 1 and Raluca

RoboStar Technology Systematic Software Testing for Robotics Robert M. Hierons 1 and Raluca

RoboStar Technology Systematic Software Testing for Robotics Robert M. Hierons 1 and Raluca Lefticaru 2 University of Sheffield, University of Bradford, UK 14th November 2019 Thanks : Ana Cavalcanti, James Baxter, Manuel N u nez, Mercedes

459 views • 35 slides
FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr.

FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr.

MASTER SEMINAR WS16/17 PROF. DR. ALEXANDER PRETSCHNER SAAHIL OGNAWALA FUZZING FOR VULNERABILITY DETECTION FUZZING FOR VULNERABILITY DETECTION WHO WE ARE Prof. Dr. Alexander Pretschner Head of Chair XXII Software Engineering @TUM since

489 views • 21 slides
Fuzzing the Media Framework in Android Alexandru Blanda OTC Security QA 1 Agenda Introduction

Fuzzing the Media Framework in Android Alexandru Blanda OTC Security QA 1 Agenda Introduction

Fuzzing the Media Framework in Android Alexandru Blanda OTC Security QA 1 Agenda Introduction Fuzzing Media Content in Android Data Generation Fuzzing the Stagefright Framework Logging &amp; Triage Mechanisms 2 Introduction Fuzzing

1.12k views • 38 slides

More recommend